Hello,
I am using Traefik and Keycloak and already got Portainer and other self-hosted services working with SSO. I have followed the advanced guide to configure and try NetBird. When opening nb.mydomain.com I get the Keycloak user/password request, and after that I get a "Request failed with status code 404" error. I tried several solutions I found but I am stuck there.
my docker-compose:
services:
  # UI dashboard
  nb-dashboard:
    image: netbirdio/dashboard:latest
    container_name: nb-dashboard
    restart: unless-stopped
    security_opt:
    # Endpoints
    nb.mydomain.com)

  # Signal
  nb-signal:
    image: netbirdio/signal:latest
    container_name: nb-signal
    restart: unless-stopped
    security_opt:
    nb.mydomain.com) && PathPrefix(/signalexchange.SignalExchange/)

  # Management
  nb-management:
    image: netbirdio/management:latest
    container_name: nb-management
    restart: unless-stopped
    security_opt:
    nb.mydomain.com) && PathPrefix(/api)
    nb.mydomain.com) && PathPrefix(/management.ManagementService/)

  # Coturn
  nb-coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    container_name: nb-coturn
    domainname: nb.mydomain.com
    volumes:
my management.json
{
  "Stuns": [
    {
      "Proto": "udp",
      "URI": "stun:nb.mydomain.com:3478",
      "Username": "",
      "Password": ""
    }
  ],
  "TURNConfig": {
    "TimeBasedCredentials": false,
    "CredentialsTTL": "12h0m0s",
    "Secret": "secret",
    "Turns": [
      {
        "Proto": "udp",
        "URI": "turn:nb.mydomain.com:3478",
        "Username": "self",
        "Password": "….."
      }
    ]
  },
  "Signal": {
    "Proto": "https",
    "URI": "nb.mydomain.com:443",
    "Username": "",
    "Password": ""
  },
  "Datadir": "/var/lib/netbird/",
  "DataStoreEncryptionKey": "VtYUCt+DW9s1cDMy4i63RlnkzmcmIpT4Z1Vu+n+bvXA=",
  "HttpConfig": {
    "AuthAudience": "netbird-client",
    "AuthIssuer": "https://auth.mydomain.com/realms/netbird",
    "AuthUserIDClaim": "",
    "AuthKeysLocation": "https://auth.mydomain.com/realms/netbird/protocol/openid-connect/certs",
    "OIDCConfigEndpoint": "https://auth.mydomain.com/realms/netbird/.well-known/openid-configuration",
    "IdpSignKeyRefreshEnabled": true
  },
}
docker logs nb-management
2024-04-04T20:55:33Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://auth.mydomain.com/realms/netbird/.well-known/openid-configuration
2024-04-04T20:55:33Z INFO management/cmd/management.go:460: loaded OIDC configuration from the provided IDP configuration endpoint: https://auth.mydomain.com/realms/netbird/.well-known/openid-configuration
2024-04-04T20:55:33Z INFO management/cmd/management.go:462: overriding HttpConfig.AuthIssuer with a new value https://auth.mydomain.com/realms/netbird, previously configured value: https://auth.mydomain.com/realms/netbird
2024-04-04T20:55:33Z INFO management/cmd/management.go:466: overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://auth.mydomain.com/realms/netbird/protocol/openid-connect/certs, previously configured value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/certs
2024-04-04T20:55:33Z INFO management/cmd/management.go:471: overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/token, previously configured value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/token
2024-04-04T20:55:33Z INFO management/cmd/management.go:474: overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/auth/device, previously configured value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/auth/device
2024-04-04T20:55:33Z INFO management/cmd/management.go:482: overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: auth.mydomain.com, previously configured value: auth.mydomain.com
2024-04-04T20:55:33Z INFO management/cmd/management.go:492: overriding PKCEAuthorizationFlow.TokenEndpoint with a new value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/token, previously configured value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/token
2024-04-04T20:55:33Z INFO management/cmd/management.go:495: overriding PKCEAuthorizationFlow.AuthorizationEndpoint with a new value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/auth, previously configured value: https://auth.mydomain.com/realms/netbird/protocol/openid-connect/auth
2024-04-04T20:55:33Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081
2024-04-04T20:55:33Z INFO management/server/store.go:92: using SQLite store engine
2024-04-04T20:55:33Z DEBG management/server/activity/sqlite/sqlite.go:328: check deleted_users table version
2024-04-04T20:55:33Z DEBG management/server/geolocation/store.go:174: took 172.315208ms to setup geoname db
2024-04-04T20:55:33Z INFO management/cmd/management.go:173: geo location service has been initialized from /var/lib/netbird/
2024-04-04T20:55:33Z INFO management/server/account.go:885: single account mode enabled, accounts number 0
2024-04-04T20:55:33Z DEBG management/server/idp/keycloak.go:125: requesting new jwt token for keycloak idp manager
2024-04-04T20:55:33Z DEBG management/server/ephemeral.go:135: loaded ephemeral peer(s): 0
2024-04-04T20:55:33Z INFO management/cmd/management.go:292: running gRPC backward compatibility server: [::]:33073
2024-04-04T20:55:33Z INFO management/cmd/management.go:324: management server version 0.27.0
2024-04-04T20:55:33Z INFO management/cmd/management.go:325: running HTTP server and gRPC server on the same port: [::]:443
2024-04-04T20:55:33Z INFO management/server/account.go:1072: 1 entries received from IdP management
2024-04-04T20:55:33Z INFO management/server/account.go:1101: warmed up IDP cache with 0 entries